A story by John Markoff in the New York Times has more details about the December 2009 cyber attacks from China. It says that the source code to "Gaia", Google's password authentication system, was one of the targets. http://www.nytimes.com/2010/04/20/technology/20google.html?src=busln
Why is revealing the source code a problem? Does it rely on security through obscurity rather than sound authentication technology? Is it bug laden? Is it too complicated?
Blogoscoped's earlier discussion of attack: http://blogoscoped.com/archive/2010-01-13-n51.html
|
It's a good article. There is a important remark in it : << “If you can get to the software repository where the bugs are housed before they are patched, that’s the pot of gold at the end of the rainbow,” said George Kurtz >> |